Re: DataSource question
I think that's the MaxActive connections on the database. Depending on how you configure the datasource it will be available for one or all webapps. The tomcat docs have a good explanation, here you got the link for tomcat 5.5. http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.html Please correct me if I'm wrong, or if I missunderstood your question. Cheers! 2008/1/8, Eqbal [EMAIL PROTECTED]: I have defined my jndi DataSource for connecting to the database under the conf/context.xml file. I would like to understand what it means in terms of availability of the datasource to each of the web apps and the thing I am confused about is what is the maximum number of connections available? Is it the maxActive times number of web apps or just maxActive? Thanks. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Víctor
Re: Monitoring Tomcat Clusters
Sorry I missed this in the last post Also regarding Monitoring tomcat , using JMX is better Check this: http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html Shiby Maria John wrote: HI, Do the Tomcat 5.5.x / 6.x versions have a default bundled application for monitoring tomcat clusters ? Also does it support JMS ? Regards, Shiby - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature
Re: Database connectivity problem
Could you pls post the stack trace? Sergey Livanov wrote: Please help figure out a connection pool error. My application ( tomcat, spring, ibatis ) works well in the configuration SQL 2000 + ms server 2000. When I transfer the application ( war ) to a win 2003 server I get an error ( error creating connection pool e.t.c. ) (I think ms server 2003 needs to be adjusted). Please help. -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature
Re: Tomcat consumes much memory when web.xml size grows
Try putting those jars in the lib folder of the WAR unnikrishnans wrote: I have one war file having size 140MB and has been deployed in tomcat 5 and runs smothly. This war contains files from 20 different modules. So i planned to split war in to multiple jar file in the following manner. one main.war file contains common classes,images,stylesheets,common jsp files and web.xml . seperate module jar files with following . java classes of the particular module pre-compiled Jsp files of the module jsp.( Since jsp's are pre compiled these entries will go to web.xml) main.war will be having servlets entries of all the pre-compiled jsp's. The count comes around 6000. All these module jar files are put in to shared/lib. while starting tomcat , it is found that it is taking 200MB more memory than the previous one.It seems that when the number of servlet entries in web.xml is more, it consumes much memory. Is there any way to invoke the pre-compiled Jsp files with out having entry in web.xml file. Any help is appreciated. thanks regards unni -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature
Re: Monitoring Tomcat Clusters
See this : .1) http://www.jguru.com/faq/view.jsp?EID=499412 .2) http://www.onjava.com/pub/a/onjava/2001/12/12/openjms.html .3) http://activemq.apache.org/tomcat.html HTH Shiby Maria John wrote: HI, Do the Tomcat 5.5.x / 6.x versions have a default bundled application for monitoring tomcat clusters ? Also does it support JMS ? Regards, Shiby - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature
Why use a Web Server over Tomcat?
Hi there! Im making a research about internet banking and e-commerce good practices to design a secure system. I have an application based on servlets running in a Tomcat Server. My application provides secure authentication based in both methods: SSL mutual authentication and form authentication(supplied by Tomcat). All the data that is sent over the network are encrypted(SSL). In my research I discovered that some systems banks that using applications based on servlets( or something based on servlets, like JSP and other things), are using a Web Server like ISS, over a Servlet Container( like Sun Web Server, or possibly Tomcat Server). Why thats happen? Why we have a Web Server over another Web Server, if the low-level Web Server is capable to do everything alone? In my application, client authentication and authorization is controlled by Tomcat Server. Should use I a Apache Server over Tomcat or an IIS server over Tomcat? What kind of security am I providing doing this? My research is in the beginning and the documentation about it is vague, so I apologize if Im saying something wrong. Regards, Bárbara Vieira
RE: Why use a Web Server over Tomcat?
From: Kristian Rink [mailto:[EMAIL PROTECTED] Asides this, while tomcat and friends (servlet containers) are made to serve up, well, J2EE web tier applications, web servers like apache2, lighttpd, ... are usually better at serving static content (images, static css files, html documents that don't contain any logic, ...). Review the list archives for the disproof of this myth. Tomcat 5.0 and above are quite capable of serving static content, efficiently enough that you'll saturate your network connection long before you saturate disk, memory or CPU. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
Bárbara, Am Tue, 8 Jan 2008 11:13:34 - schrieb Bárbara Vieira [EMAIL PROTECTED]: [...] Why thats happen? Why we have a Web Server over another Web Server, if the low-level Web Server is capable to do everything alone? To give you an example: We do use a set of tomcat machines (four nodes, currently) to carry our enterprise application, having an apache web server in front of those to do load balancing / failover clustering. Asides this, while tomcat and friends (servlet containers) are made to serve up, well, J2EE web tier applications, web servers like apache2, lighttpd, ... are usually better at serving static content (images, static css files, html documents that don't contain any logic, ...). And, to add another point: Maybe your choice of technology is not limited to J(2)EE but also does include PHP, Python, Perl (be that in applications of your own and/or in some content management system to serve your company web site), this is what you usually want to have a non-J2EE web server for. :) Cheers, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
Review the list archives for the disproof of this myth. Tomcat 5.0 and above are quite capable of serving static content, efficiently enough that you'll saturate your network connection long before you saturate disk, memory or CPU. So unless you have one of the situations like those described by Kristian. Like having other technologies like PHP you don't have to make load balance with Apache 2. Its way better to make a load balance with several Tomcats since you can make a load balance of your dynamic content too. On Jan 8, 2008 9:56 AM, Peter Crowther [EMAIL PROTECTED] wrote: From: Kristian Rink [mailto:[EMAIL PROTECTED] Asides this, while tomcat and friends (servlet containers) are made to serve up, well, J2EE web tier applications, web servers like apache2, lighttpd, ... are usually better at serving static content (images, static css files, html documents that don't contain any logic, ...). Review the list archives for the disproof of this myth. Tomcat 5.0 and above are quite capable of serving static content, efficiently enough that you'll saturate your network connection long before you saturate disk, memory or CPU. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Diego
Tomcat 5.5 problem with log4j and policy
Hi, I'm deploying a struts 1.3.x webapp on tomcat 5.5. I'm using log4j 1.2.13 for logging and I've configured to log everything at /var/tmp/myapp.log However when i try to deploy the app tomcat complains that the webapp is not allowed to write on /var/log/myapp.log. How should I modify the policy files in order to enable proper logging? Moreover: is it correct to specify the log name in the log4j.properties files inside the webapp? Is there another more general way to do this so i do not have to modify it if I deploy the webapp on win instead of linux? Thanks R -- Roberto Riggio, PhD Student CREATE-NET Via alla Cascata 56/C 38100 Trento (Italy) E-mail: [EMAIL PROTECTED] HomePage: http://disi.unitn.it/~riggio/ Tel: +39.0461.314.960 Fax: +39.0461.314.972 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Monitoring Tomcat Clusters
Hi! A very fine new Eclipse plugin make the monitoring live easier: http://jmxplorer.sourceforge.net/wiki/index.php/Managing_Tomcat and for admin access give the jagger cli/jmx interface a chance: http://jagger.berlios.de/ The lamdaprobe console had also a nice tomcat 5.5 jmx cluster monitoring (http://www.lambdaprobe.org/d/index.html), but it seem that probe development is stopped! Regards Peter Am 08.01.2008 um 11:40 schrieb Vinu Varghese Sorry I missed this in the last post Also regarding Monitoring tomcat , using JMX is better Check this: http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html Shiby Maria John wrote: HI, Do the Tomcat 5.5.x / 6.x versions have a default bundled application for monitoring tomcat clusters ? Also does it support JMS ? Regards, Shiby - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _ \/ company-name-big /signature
Re: Tomcat 5.5 problem with log4j and policy
Hi, sorry for the mistake, this is the directory where I'm logging: drwxr-x--- 2 tomcat55 adm 4096 2008-01-08 09:23 tomcat5.5 so the path that I'm using is: /var/log/tomcat5.5/myapp.log Tomcat is running under the user tomcat55 R. - Vinu Varghese [EMAIL PROTECTED] wrote: Hi, Under which user the tomcat process is running?. It seems the user doesn't have enough privilege to write to the folder. regards Roberto Riggio wrote: Hi, I'm deploying a struts 1.3.x webapp on tomcat 5.5. I'm using log4j 1.2.13 for logging and I've configured to log everything at /var/tmp/myapp.log However when i try to deploy the app tomcat complains that the webapp is not allowed to write on /var/log/myapp.log. How should I modify the policy files in order to enable proper logging? Moreover: is it correct to specify the log name in the log4j.properties files inside the webapp? Is there another more general way to do this so i do not have to modify it if I deploy the webapp on win instead of linux? Thanks R -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature -- Roberto Riggio, PhD Student CREATE-NET Via alla Cascata 56/C 38100 Trento (Italy) E-mail: [EMAIL PROTECTED] HomePage: http://disi.unitn.it/~riggio/ Tel: +39.0461.314.960 Fax: +39.0461.314.972 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AccessControlException in Coyote Http11Processor (Tomcat 6.0.14). Bug in Coyote ?
On Mon, 07 Jan 2008 20:59:28 + Mark Thomas wrote: Not right now. Could you provide the full debug stack trace again please. We should at least see a different problem now the code has been changed. Here it goes: SEVERE: Servlet.service() for servlet jsp threw exception java.security.AccessControlException: org/apache/coyote/http11/Constants at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:419) at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1588) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:934) at org.apache.coyote.Response.action(Response.java:183) at org.apache.coyote.Response.sendHeaders(Response.java:379) at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:305) at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:288) at org.apache.catalina.connector.CoyoteWriter.flush(CoyoteWriter.java:95) at org.apache.jasper.runtime.JspWriterImpl.flush(JspWriterImpl.java:175) at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:956) at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:609) at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:808) at org.apache.jasper.runtime.PageContextImpl.access$1100(PageContextImpl.java:71) at org.apache.jasper.runtime.PageContextImpl$12.run(PageContextImpl.java:766) at java.security.AccessController.doPrivileged(Native Method) at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:764) at org.apache.jsp.WEB_002dINF.view.page_jsp._jspService(page_jsp.java:438) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:393) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at sun.reflect.GeneratedMethodAccessor273.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:654) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:445) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:379) at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:65) at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:80) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:284) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at sun.reflect.GeneratedMethodAccessor273.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
Re: Tomcat 5.5 problem with log4j and policy
Hi, Under which user the tomcat process is running?. It seems the user doesn't have enough privilege to write to the folder. regards Roberto Riggio wrote: Hi, I'm deploying a struts 1.3.x webapp on tomcat 5.5. I'm using log4j 1.2.13 for logging and I've configured to log everything at /var/tmp/myapp.log However when i try to deploy the app tomcat complains that the webapp is not allowed to write on /var/log/myapp.log. How should I modify the policy files in order to enable proper logging? Moreover: is it correct to specify the log name in the log4j.properties files inside the webapp? Is there another more general way to do this so i do not have to modify it if I deploy the webapp on win instead of linux? Thanks R -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _\ /company-name-big /signature
RE: Why use a Web Server over Tomcat?
Diego and Kristian, I understand your perspective. But, my question is about security. Why systems banks use an IIS Server instead of an Apache Server over a Tomcat Server(or some servlet container), if that systems authenticate the client using servlets technology or some technology supplied by some servlet container like Tomcat? I understand the fact that systems uses a Web Server over another to serve static content. But if in my application all content is closed, i.e., every client that wants to accede to that content must be authenticated and that authentication is controlled by Tomcat. Should I have some Web Server over Tomcat? I think that if I have an Apache Server over Tomcat, it causes an overhead, because all requests sent to Apache, must be sent to Tomcat. Regards, Bárbara Vieira -Original Message- From: Diego [mailto:[EMAIL PROTECTED] Sent: terça-feira, 8 de Janeiro de 2008 12:06 To: Tomcat Users List Subject: Re: Why use a Web Server over Tomcat? Review the list archives for the disproof of this myth. Tomcat 5.0 and above are quite capable of serving static content, efficiently enough that you'll saturate your network connection long before you saturate disk, memory or CPU. So unless you have one of the situations like those described by Kristian. Like having other technologies like PHP you don't have to make load balance with Apache 2. Its way better to make a load balance with several Tomcats since you can make a load balance of your dynamic content too. On Jan 8, 2008 9:56 AM, Peter Crowther [EMAIL PROTECTED] wrote: From: Kristian Rink [mailto:[EMAIL PROTECTED] Asides this, while tomcat and friends (servlet containers) are made to serve up, well, J2EE web tier applications, web servers like apache2, lighttpd, ... are usually better at serving static content (images, static css files, html documents that don't contain any logic, ...). Review the list archives for the disproof of this myth. Tomcat 5.0 and above are quite capable of serving static content, efficiently enough that you'll saturate your network connection long before you saturate disk, memory or CPU. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Diego - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP POST SSI, JSP sub request does not complete, bug id 43929
hi, could somebody please help me with this issue http://issues.apache.org/bugzilla/show_bug.cgi?id=43929 related issue is (http://issues.apache.org/bugzilla/show_bug.cgi?id=41949) i'm -not- using an old tomcat version; it does not work with apache-tomcat-5.5.25 on my system! perhaps someone can tell me where i can find the java connector source code changes (as described from Mark Thomas) for further debugging thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Content_Length Problem
I have tried the isapi_redirect.dll Tim provided, and it appeared to almost work. CICS made the request and received my response but for some reason did not interpret it correctly. Is there something in the redirector's log that I can look at to verify it is using chunked encoding? I see the following line, but never see one where chunked encoding is true. [Tue Jan 08 08:05:07.220 2008] [13680:12960] [debug] init_jk::jk_isapi_plugin.c (2146): Using chunked encoding? false. Thanks- Joe -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 11:05 AM To: Tomcat Users List Subject: Re: Content_Length Problem In Joes case CICS seems to get used as an HTTP client, not an HTTP server. Nevertheless the server page you found includes a link to http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/topic/com.ibm.cics. ts31.doc/dfhtl/topics/dfhtl_cwschunking.htm that contains the following information: === When CICS as an HTTP client receives a chunked message as a response to an application program's request, the chunks are also assembled before being passed to the application program as an entity body, and any trailing headers can be read using the HTTP header commands. You can specify how long the application will wait to receive the response, using the RTIMOUT attribute of the transaction profile definition for the transaction ID that relates to the application program. === So it seems, that CICS 3.1 does support chunked encoding when reading an HTTP response. So using either apache httpd or the chunked-encoding enabled variant of the isapi redirector could indeed be the solution. Regards, Rainer Martin Gainty schrieb: Tim-Thanks for the comprehensive explanationI found this link helpful for CICS transactions http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/ com.ibm.cics.ts31.doc/dfhtl/topics/dfhtl_http11serverintro.htm tml?ocid=TXT_TAGHM_Wave2_sharelife_012008 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this e-mail in error, please tell us immediately by return e-mail to [EMAIL PROTECTED] and delete the document. E-mails containing unprofessional, discourteous or offensive remarks violate Sentry policy. You may report employee violations by forwarding the message to [EMAIL PROTECTED] No recipient may use the information in this e-mail in violation of any civil or criminal statute. Sentry disclaims all liability for any unauthorized uses of this e-mail or its contents. This e-mail constitutes neither an offer nor an acceptance of any offer. No contract may be entered into by a Sentry employee without express approval from an authorized Sentry manager. Warning: Computer viruses can be transmitted via e-mail. Sentry accepts no liability or responsibility for any damage caused by any virus transmitted with this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
Bárbara, Am Tue, 8 Jan 2008 13:53:11 - schrieb Bárbara Vieira [EMAIL PROTECTED]: I understand your perspective. But, my question is about security. Why systems banks use an IIS Server instead of an Apache Server over a Tomcat Server(or some servlet container) [...] For what I have seen about online banking systems around here, some of them do use an IIS to do their web hosting (eventually by making use of some internal CMS to actually include/edit content) but the actual banking solution they do use is a J(2)EE application in some app server. In such a scenario, they are required to somehow create an integrated environment (with a behaviour seamless to the user), to somehow linking, say, IIS and the J(2)EE app server / servlet container. I understand the fact that systems uses a Web Server over another to serve static content. But if in my application all content is closed, i.e., every client that wants to accede to that content must be authenticated and that authentication is controlled by Tomcat. There's more to security than just authentication. In our environment, the tomcat installations are on production servers in our LAN fully accessible to our internal users desktop clients (including some more services for document / file access), and external access (from the outside internet) is done via an apache2 reverse proxy living in a DMZ segment. This way, I can keep people from directly accessing my productive systems, which is helpful to say the very least. ;) Cheers, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
Bárbara Vieira wrote: I understand your perspective. But, my question is about security. Why systems banks use an IIS Server instead of an Apache Server over a Tomcat Server(or some servlet container), if that systems authenticate the client using servlets technology or some technology supplied by some servlet container like Tomcat? I understand the fact that systems uses a Web Server over another to serve static content. But if in my application all content is closed, i.e., every client that wants to accede to that content must be authenticated and that authentication is controlled by Tomcat. Should I have some Web Server over Tomcat? I think that if I have an Apache Server over Tomcat, it causes an overhead, because all requests sent to Apache, must be sent to Tomcat. There's no simple answer. Running apache in front of tomcat has advantages: * load balancing / failover * static content handling (I know, tomcat behaves better and better, but some people want to have apache handle this) * easy integration of webapps from remote hosts * probably more... Easy integration of webapps from remote hosts: it's trivial (thanks to mod_jk or mod_proxy_ajp) to have one apache based virtual host with several remote apps /app1 /app2 /app3 /app4 running on different tomcat servers instead of one giantic tomcat server running all of them in one JVM. -- Mikolaj Rydzewski [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Busyness Method and others...
Hello! The documentation says the following on the Busyness Method... QUOTE If set to B[usyness] the balancer will pick the worker with the lowest current load, based on how many requests the worker is currently serving. This number is divided by the workers lbfactor, and the lowest value (least busy) worker is picked. This method is especially interesting, if your request take a long time to process, like for a download application. END QUOTE What is defined as take a long time, is it 30 sec, 40 sec, or more ? and from the clarifications I have got from this forum, the nodes load is determined by it network latency using cping and cping. These I believe are used by all load-balancer methods to determine a nodes health. So checking the Requested hits (Acc in jkmanager) or Busy (Busy in jkmanager) or the Traffic are just checking the counters of a node that is more active than the other nodes. Essentially what all these methods does is check a node's health by cping, cping (Network latency) , and if it responds in good time, then check either the 'Acc', 'Busy' or 'Traffic' counters and send to the node with least 'Acc' if 'Request' method is used or Busy if 'Busy' method is used or Bytes IN/OUT if Traffic method is used. Is this summary of mod_jk in non-technical perspective accurate ?? Thanks Regards Mohan -- View this message in context: http://www.nabble.com/Busyness-Method-and-others...-tp14690721p14690721.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
On Tue, Jan 08, 2008 at 03:17:38PM +0100, Mikolaj Rydzewski wrote: There's no simple answer. Running apache in front of tomcat has advantages: * load balancing / failover * static content handling (I know, tomcat behaves better and better, but some people want to have apache handle this) * easy integration of webapps from remote hosts * probably more... * no need to fiddle with the weird Java-only truststore library files when providing certificates * no need to discover the specific incantation for your system that will allow Tomcat to open low-numbered ports (80, 443) and yet run as a nonprivileged user (not an issue on Windows, which lacks the notion of privileged ports) * easily throw up an informative page (service will resume by nn:nn) when taking services down for maintenance, instead of returning port-not-reachable * many many well-tested specialty modules for Apache HTTPD should you need to do something out of the ordinary -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is intuitive he means the exact opposite. smime.p7s Description: S/MIME cryptographic signature
Re: tag file recursivity problem
Hi, It should be available in the next Tomcat release (in fact it was included in a not-released Tomcat 6.0.15) No idea when the next GA release be available. Regards, Lucas On Jan 8, 2008 12:18 PM, Jair da Silva Ferreira Jr [EMAIL PROTECTED] wrote: Hi, Thank you very much for your reply. Is this fix going to be available in the next Tomcat version? Do you know when the next version will be released? Thank you very much. Sincerely, Jair Jr Lucas Galfaso escreveu: Hi, This is a known issue is Tomcat 6.0.14, it was reported using http://issues.apache.org/bugzilla/show_bug.cgi?id=42693 and it is fixed in the trunk. Regards, lg On Jan 6, 2008 1:50 PM, Jair da Silva Ferreira Jr [EMAIL PROTECTED] wrote: Hi, I am experiencing a problem with recursivity in tag files in tomcat 6.0.14. I developed a simple tag file to show you the problem. Here is my tag file: %@ tag body-content=empty % %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c% %@ taglib prefix=t tagdir=/WEB-INF/tags % %@ attribute name=number required=true type=java.lang.Integer % c:choose c:when test=${number==0 || number==1}1/c:when c:otherwise${number}*t:factorial number=${number-1}//c:otherwise /c:choose The tag file is pretty simple. When called from a jsp file, the tag outputs how the factorial of any given number is calculated, but it doen't actually calculate the factorial result. For example: if the number paramenter is 5, the tag will output 5*4*3*2*1. Here is the portion of the jsp file that calls the tag: c:if test=${! empty param.number} Result: t:factorial number=${param.number}/ /c:if The problem is that nothing is displayed when the tag is called form a jsp file. It happens as if the tag is not being called at all or as if it is an empty tag file. After some work I found out the problem. Jasper is not correctly converting my recursive tag file to java code. The resulting java file found in tomcat's work directory has an empty doTag method. Here is the doTag method: public void doTag() throws JspException, java.io.IOException { } I've checked all tomcat logs and couldn't find any jasper error message. I've run the same web application in two different systems and the problem only happens in system 2. Here is the configuration: System 1 (development machine) (problem does not happen): - OS: Windows XP sp2 - Hardware: AMD Athlon XP 2400+ (2.03 GHz) (1,5 GB RAM) - Java (as stated by java -version command): java version 1.6.0_03 Java(TM) SE Runtime Environment (build 1.6.0_03-b05) Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing) - Tomcat version: 6.0.14 (.zip download package) System 2 (production machine) (problem happens): - OS: Ubuntu linux 7.10 (codename gutsy) - Hardware: HP Tower Computer ProLiant ML350 G5, Intel(R) Xeon(R) CPU 5120 @ 1.86GHz, 4 GB RAM - Java (as stated by java -version command): java version 1.6.0_03 Java(TM) SE Runtime Environment (build 1.6.0_03-b05) Java HotSpot(TM) Server VM (build 1.6.0_03-b05, mixed mode) - Tomcat version: 6.0.14 (.tar.gz download package) I am sending you my factorial example web application. The file is recursive-tag.war. The application only has 2 files: index.jsp and factorial.tag. I am also sending you 2 jasper generated .java files extracted from the tomcat work directory. system1_factorial_tag.java is generated in the system 1 configuration and system2_factorial_tag.java is generated in the system 2 configuration. Please, notice that the doTag method is empty in system2_factorial_tag.java. Please, can anyone help me with this problem? Am I doing something wrong? Thank you very much. Sincerely, Jair Jr package org.apache.jsp.tag.web; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.jsp.*; public final class factorial_tag extends javax.servlet.jsp.tagext.SimpleTagSupport implements org.apache.jasper.runtime.JspSourceDependent { private static final JspFactory _jspxFactory = JspFactory.getDefaultFactory(); private static java.util.List _jspx_dependants; private JspContext jspContext; private java.io.Writer _jspx_sout; private org.apache.jasper.runtime.TagHandlerPool _005fjspx_005ftagPool_005fc_005fchoose; private org.apache.jasper.runtime.TagHandlerPool _005fjspx_005ftagPool_005fc_005fwhen_005ftest; private org.apache.jasper.runtime.TagHandlerPool _005fjspx_005ftagPool_005fc_005fotherwise; private javax.el.ExpressionFactory _el_expressionfactory; private org.apache.AnnotationProcessor
Re: Comet processor blocks if chunk includes final CRLF
fyi, we had to rework the patch, as there is a nasty data corruption bug with the old way of doing things. the new patch is at http://people.apache.org/~fhanik/patches/fix-bz7-alt-1.patch and is up for voting Filip Filip Hanik - Dev Lists wrote: the patch has been applied and will go into 6.0.16 Filip Chris Pettitt wrote: Filip, Do you know which release this patch will go into? Is there a bug number I can watch? Thanks, Chris On Dec 19, 2007 9:13 AM, Chris Pettitt [EMAIL PROTECTED] wrote: Filip, Your patch has fixed the chunk parsing and the processor is no longer blocking. Sometimes newly connected clients get disconnected immediately, but I think that is related to this bug: http://issues.apache.org/bugzilla/show_bug.cgi?id=43846. Thanks, Chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Comet API Question
yes, uncommenting that valve in context.xml should do the trick, is it not firing or are you just not catching it? 2nd question, currently it just marks the request/response as non comet, and then calls response.finishResponse(), this will write any left over bytes to the socket. Filip Jens Hagel wrote: Hi, i need to detect if the user reloads the webapp or rather if the connection gets interrupted. i therefore use the CometEvent.EventSubType but the events don't get fired. in the context.xml i've uncommented the CometConnectionManagerValve. Do I have to instantiate the ConnectionManager by myself or what's going wrong? 2nd question: it's a little bit unclear to my what happens when i call cometEvent.close() sometimes i use it and sometimes not with no difference.. :) Kind regards, Jens No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.11/1201 - Release Date: 12/28/2007 11:51 AM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP POST SSI, JSP sub request does not complete, bug id 43929
Hi Robert, I reopened the bug. See comments there. Robert Starzer schrieb: hi, could somebody please help me with this issue http://issues.apache.org/bugzilla/show_bug.cgi?id=43929 related issue is (http://issues.apache.org/bugzilla/show_bug.cgi?id=41949) i'm -not- using an old tomcat version; it does not work with apache-tomcat-5.5.25 on my system! perhaps someone can tell me where i can find the java connector source code changes (as described from Mark Thomas) for further debugging thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Setting Memory Limit per Virtual Host
We are running into some issues on a shared hosting machine. Basically Java is eating too much memory! :-) Is it possible to set the amount of memory that a virtual host is allowed to consume? Perhaps in the server.xml We have the overall JVM set to use 1024mb of ram, but it is getting to the point where it is exceeding this Be aware, if you limit the JVM heap size, that it additionally consumes memory on stack for each thread. Try to reduce max heap size to approximately 768 MB in your case. Johann - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Pojo Application Server: Release 1.0.3
A POJO Application Server... Lets one develop normal full java applications outside of the container. When they are dropped into the container only the UI side runs on the remote clients machine, thus one gets a light weight Rich Client, with no additional effort. The rest of the application runs in the server, making sophisticated server development childs play. Delivers games... anything. This version now incorporates an Active Desktop, which makes installing applications very easy for the user. Much easier than running setup on windows, and because of this new Coherent Diffusion technology, installation times on a network from a central application server, are in the order of 2 to 3 seconds. From the time your client see's the new application, to the time they use it... maybe 5 seconds. Enjoy! --- HARBOR: http://coolharbor.100free.com/index.htm The best application server on earth ---
Re: Busyness Method and others...
Mohan2005 schrieb: Hello! The documentation says the following on the Busyness Method... QUOTE If set to B[usyness] the balancer will pick the worker with the lowest current load, based on how many requests the worker is currently serving. This number is divided by the workers lbfactor, and the lowest value (least busy) worker is picked. This method is especially interesting, if your request take a long time to process, like for a download application. END QUOTE What is defined as take a long time, is it 30 sec, 40 sec, or more ? Let us rephrase this. Busyness is especially useful, if the number of parallel requests you can handle is your limiting factor. Suppose you need to handle very high concurrency, like e.g. 10.000 parallel requests. Then you might come close to how many connections your components (OS, web server, Tomcat, etc.) can handle and you need to balance with respect to the expensive ressource connections instead of CPU etc. Now how does parallelity relate to long running requests? Parallelity = Throughput * ResponseTime So given some fixed throughput, parallelity grows proportional to reponse times. Talking about long response times is thus a simplified rephrasing of talking about high concurrency. If you have 10 request per second (not a high load), but the response time is 5 minutes, then you will end up with about 3.000 parallel requests and this could be a good scenario for busyness method. and from the clarifications I have got from this forum, the nodes load is determined by it network latency using cping and cping. These I believe are Who told you that? cping/cpong have nothing to do with load decisions. They only help in deciding, if a worker is in error status or not. Load is distributed between all nodes that are not in error. To which of those nodes a request goes is not decided by cping cpong. used by all load-balancer methods to determine a nodes health. So checking the Requested hits (Acc in jkmanager) or Busy (Busy in jkmanager) or the Traffic are just checking the counters of a node that is more active than the other nodes. Essentially what all these methods does is check a node's health by cping, cping (Network latency) , and if it responds in good time, then check either yes the 'Acc', 'Busy' or 'Traffic' counters and send to the node with least 'Acc' if 'Request' method is used or Busy if 'Busy' method is used or Bytes IN/OUT if Traffic method is used. yes Is this summary of mod_jk in non-technical perspective accurate ?? Thanks Regards Mohan Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AccessControlException in Coyote Http11Processor (Tomcat 6.0.14). Bug in Coyote ?
Delian Krustev wrote: On Mon, 07 Jan 2008 20:59:28 + Mark Thomas wrote: Not right now. Could you provide the full debug stack trace again please. We should at least see a different problem now the code has been changed. Here it goes: I'm stumped. This stack trace indicates an issue with a different constant but it looks to be pretty much the same issue. Looking at this and the previous stack trace you provided, it seems to boil down to org.apache.jasper.servlet.JasperLoader not being able to access org/apache/coyote/http11/Constants or org/apache/coyote This is just nuts. In every stack trace every class that appears above either java.security.AccessController.doPrivileged(Native Method) or java.lang.Thread.run(Thread.java:619) is a Tomcat internal class that is in a jar in ${catalina.home}/lib and the policy file has set grant codeBase file:${catalina.home}/lib/- { permission java.security.AllPermission; }; I just don't see how we are seeing what we are seeing. My idea of a timing issue doesn't look right. You original suggestion of a third-party lib monkeying around with the security manager and/or policy looks more plausible. All I can suggest is start Tomcat with remote debugging enabled and when you see the error, connect, debug you way through a request and see if you can see what the security settings are and try and confirm that they match the policy file. If anyone else has any ideas, now would be the time to speak up. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Previous file handle
Hi, I have a Tomcat 5.5 on a Debian GNU/Linux (etch) server. Tomcat was running smoothly for a long time. However, last week, my tomcat 5.5 started to have problems. When I want to start tomcat as: /etc/init.d/tomcat5.5 start I get this error message: Starting Tomcat servlet engine: tomcat5.51 Previous file handle doesn't exists /var/lib/tomcat5.5/logs/catalina_2008-01-08.log I tried re-installation. But it did not work. What may be the problem? -- ibrahim izlem GOZUKELES -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Content_Length Problem
That log statement indicates you haven't enabled chunked encoding in the connector config (it's off by default). Add enable_chunked_encoding=true to your isapi_redirect.properties (or as a registry setting if you're using that) and restart IIS. tim -Original Message- From: Woytasik Joe [mailto:[EMAIL PROTECTED] Sent: Wednesday, 9 January 2008 3:25 a.m. To: Tomcat Users List Subject: RE: Content_Length Problem I have tried the isapi_redirect.dll Tim provided, and it appeared to almost work. CICS made the request and received my response but for some reason did not interpret it correctly. Is there something in the redirector's log that I can look at to verify it is using chunked encoding? I see the following line, but never see one where chunked encoding is true. [Tue Jan 08 08:05:07.220 2008] [13680:12960] [debug] init_jk::jk_isapi_plugin.c (2146): Using chunked encoding? false. Thanks- Joe -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 11:05 AM To: Tomcat Users List Subject: Re: Content_Length Problem In Joes case CICS seems to get used as an HTTP client, not an HTTP server. Nevertheless the server page you found includes a link to http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/topic/com.ibm.cics. ts31.doc/dfhtl/topics/dfhtl_cwschunking.htm that contains the following information: === When CICS as an HTTP client receives a chunked message as a response to an application program's request, the chunks are also assembled before being passed to the application program as an entity body, and any trailing headers can be read using the HTTP header commands. You can specify how long the application will wait to receive the response, using the RTIMOUT attribute of the transaction profile definition for the transaction ID that relates to the application program. === So it seems, that CICS 3.1 does support chunked encoding when reading an HTTP response. So using either apache httpd or the chunked-encoding enabled variant of the isapi redirector could indeed be the solution. Regards, Rainer Martin Gainty schrieb: Tim-Thanks for the comprehensive explanationI found this link helpful for CICS transactions http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/ com.ibm.cics.ts31.doc/dfhtl/topics/dfhtl_http11serverintro.htm tml?ocid=TXT_TAGHM_Wave2_sharelife_012008 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this e-mail in error, please tell us immediately by return e-mail to [EMAIL PROTECTED] and delete the document. E-mails containing unprofessional, discourteous or offensive remarks violate Sentry policy. You may report employee violations by forwarding the message to [EMAIL PROTECTED] No recipient may use the information in this e-mail in violation of any civil or criminal statute. Sentry disclaims all liability for any unauthorized uses of this e-mail or its contents. This e-mail constitutes neither an offer nor an acceptance of any offer. No contract may be entered into by a Sentry employee without express approval from an authorized Sentry manager. Warning: Computer viruses can be transmitted via e-mail. Sentry accepts no liability or responsibility for any damage caused by any virus transmitted with this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Previous file handle
does the log /var/lib/tomcat5.5/logs/catalina_2008-01-08.log exist? M- - Original Message - From: izlem Gozukeles [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Tuesday, January 08, 2008 5:00 PM Subject: Previous file handle Hi, I have a Tomcat 5.5 on a Debian GNU/Linux (etch) server. Tomcat was running smoothly for a long time. However, last week, my tomcat 5.5 started to have problems. When I want to start tomcat as: /etc/init.d/tomcat5.5 start I get this error message: Starting Tomcat servlet engine: tomcat5.51 Previous file handle doesn't exists /var/lib/tomcat5.5/logs/catalina_2008-01-08.log I tried re-installation. But it did not work. What may be the problem? -- ibrahim izlem GOZUKELES -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Previous file handle
Date sent: Wed, 09 Jan 2008 00:00:18 +0200 From: izlem Gozukeles [EMAIL PROTECTED] Subject:Previous file handle To: users@tomcat.apache.org Send reply to: Tomcat Users List users@tomcat.apache.org Hi, I have a Tomcat 5.5 on a Debian GNU/Linux (etch) server. Tomcat was running smoothly for a long time. However, last week, my tomcat 5.5 started to have problems. When I want to start tomcat as: /etc/init.d/tomcat5.5 start I get this error message: Starting Tomcat servlet engine: tomcat5.51 Previous file handle doesn't exists /var/lib/tomcat5.5/logs/catalina_2008-01-08.log Looks like this error is from rotatelogs. Simple fix, create the file it's complaining is not there with same ownership and permissions as the rest of the catalina logs and try starting tomcat again. I tried re-installation. But it did not work. What may be the problem? -- ibrahim izlem GOZUKELES -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Previous file handle
I tried this before. But it didn't solve the problem. Additionaly, I uninstalled tomcat, remove configuration files and log files. Then tried a clean install with new configuration files and log files. But it didn't work. Steve Ochani wrote: Looks like this error is from rotatelogs. Simple fix, create the file it's complaining is not there with same ownership and permissions as the rest of the catalina logs and try starting tomcat again. -- ibrahim izlem GOZUKELES -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why use a Web Server over Tomcat?
--- HARBOR: http://coolharbor.100free.com/index.htm The best application server on earth --- - Original Message - From: Bárbara Vieira [EMAIL PROTECTED] To: 'Tomcat Users List' users@tomcat.apache.org Sent: Tuesday, January 08, 2008 1:13 PM Subject: Why use a Web Server over Tomcat? Hi there! I'm making a research about internet banking and e-commerce good practices to design a secure system. I have an application based on servlets running in a Tomcat Server. My application provides secure authentication based in both methods: SSL mutual authentication and form authentication(supplied by Tomcat). All the data that is sent over the network are encrypted(SSL). In my research I discovered that some systems banks that using applications based on servlets( or something based on servlets, like JSP and other things), are using a Web Server like ISS, over a Servlet Container( like Sun Web Server, or possibly Tomcat Server). Why that's happen? Why we have a Web Server over another Web Server, if the low-level Web Server is capable to do everything alone? In my application, client authentication and authorization is controlled by Tomcat Server. Should use I a Apache Server over Tomcat or an IIS server over Tomcat? What kind of security am I providing doing this? == I dont think in the context of your question it really matters. I think what you seeing is a DMZ http://en.wikipedia.org/wiki/Demilitarized_zone_(computing) The web server lives in the DMZ and it provides good security, read up on the idea of DMZ. After that its just a matter of preference, the Admin guys probably know MS stuff and not linux, so they have opted for IIS. So in those organization Tomcat is probably behind the second internal fire wall for staff to use as well. It probably still runs on port 8080 and thus a hacker has to break in through 2 firewalls to get at TC. One reason for doing this, is again not whether IIS or APACHE is better although APACHE on linux in the hands of a guru is very good, its because Tomcat carries clear text passwords, so if a hacker did get at the machine, they would probably see the Active X LDAP master password, as well as those for sensitive dB's they protecting the machine, not the web pages via SSL I think ;) == My research is in the beginning and the documentation about it is vague, so I apologize if I'm saying something wrong. Regards, Bárbara Vieira - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Preferred load-balanced worker
Hi, Is there a way to specify at runtime what worker the load-balancer should use first? For some request, we can't use cookies so we pass the session id via the URL or via the query string. We then force the worker using RewriteRule and the JK_WORKER_NAME env var. But then the request doesn't pass through the load-balancer anymore. So even if we stop that worker in the load-balancer, it will still receive the request instead of being redirected to another worker. So is there a JK_LB_PREFERRED_WORKER kind of variable or equivalent that the load-balancer would use instead of the cookie? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Monitoring Tomcat Clusters
Thanks to all for the tips : ) Peter Rossbach [EMAIL PROTECTED] de To Tomcat Users List 01/08/2008 users@tomcat.apache.org 06:02 PM cc Subject Please respond Re: Monitoring Tomcat Clusters to Tomcat Users List [EMAIL PROTECTED] pache.org Hi! A very fine new Eclipse plugin make the monitoring live easier: http://jmxplorer.sourceforge.net/wiki/index.php/Managing_Tomcat and for admin access give the jagger cli/jmx interface a chance: http://jagger.berlios.de/ The lamdaprobe console had also a nice tomcat 5.5 jmx cluster monitoring (http://www.lambdaprobe.org/d/index.html), but it seem that probe development is stopped! Regards Peter Am 08.01.2008 um 11:40 schrieb Vinu Varghese Sorry I missed this in the last post Also regarding Monitoring tomcat , using JMX is better Check this: http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html Shiby Maria John wrote: HI, Do the Tomcat 5.5.x / 6.x versions have a default bundled application for monitoring tomcat clusters ? Also does it support JMS ? Regards, Shiby - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- signature full-name Vinu Varghese /full-name company-email [EMAIL PROTECTED] /company-email company-website www.x-minds.org /company-website big-words Success always occurs in private, and failure in full view. /big-words company-name-big \/ ._ _ o .__| _ /\ ~~ | | | | | | (_| _ \/ company-name-big /signature - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: One of my boxes, the cluster is not working anymore
On Jan 7, 2008 2:49 PM, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: easiest way to see your packets fly by, is to use wireshark and just sniff UDP packets Filip Randy Paries wrote: On Jan 7, 2008 1:55 PM, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: org.apache.catalina.cluster.session.DeltaManager getAllClusterSessions INFO: Manager []: skipping state transfer. No members active in cluster group. this indicates that the box not working, is not receiving multicast messages from the other nodes. you'd need to look into the multicasting configuration in server.xml and also on your box/network Filip Randy Paries wrote: Hello, I need some help. I rolled out a new version of my web app last night Stopped and started tomcat and now one of my boxes (they all have the same webapp) will not attach(if that is the correct term) to the cluster. I am doing session sharing between three tomcat servers. I did not change any of the server.xml stuff I am running tomcat 5.5.15 Please help ASAP, this is a production box and not sure what to do. this is from the catalina.out on a working Box. ///Stuff Deleted --- Filip, thanks for responding. All three boxes have this in the server.xml Any ideas on how to test to see if this one box is recieving multicast messages? Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true notifyListenersOnReplication=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.9 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=35/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled ackTimeout=15000/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;.*\.pdf;\*.wav;\*.mp3;/ Deployer className=org.apache.catalina.cluster.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener/ /Cluster Hello, So here is an update, still struggling with this problem. if I do a tcpdump port 4001, i can see lots of traffic on box2 and box3 but none on box 1 so tonight i swapped out eth1 (i was told that maybe a nic card could not transmit UDP) i also went into the server.xml and forced tcpListenAddress to eth1 on each box. tcpdump port 4001 -i eth1 gives me traffic on box2 and box3 but not box1 i am no longer getthing the exception on boot up, all get now is: INFO: Cluster is about to start Jan 8, 2008 11:06:08 PM org.apache.catalina.cluster.tcp.ReplicationTransmitter start INFO: Start ClusterSender at cluster Catalina:type=Cluster,host=localhost with name Catalina:type=ClusterSender,host=localhost Jan 8, 2008 11:06:08 PM org.apache.catalina.cluster.mcast.McastService start INFO: Sleeping for 2000 secs to establish cluster membership Jan 8, 2008 11:06:10 PM org.apache.catalina.cluster.mcast.McastService registerMBean INFO: membership mbean registered (Catalina:type=ClusterMembership,host=localhost) Jan 8, 2008 11:06:10 PM org.apache.catalina.cluster.deploy.FarmWarDeployer start INFO: Cluster FarmWarDeployer started. Jan 8, 2008 11:06:11 PM org.apache.catalina.cluster.session.DeltaManager start INFO: Register manager to cluster element Host with name localhost Jan 8, 2008 11:06:11 PM org.apache.catalina.cluster.session.DeltaManager start INFO: Starting clustering manager at Jan 8, 2008 11:06:11 PM org.apache.catalina.cluster.session.DeltaManager getAllClusterSessions INFO: Manager []: skipping state transfer. No members active in cluster group. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
looking for sample MBean code for tomcat 6
hello, I am looking some sample MBean code for TC 6.0.. I was able to model some code after the source code (e.g. MemoryUserDatabaseMBean.java in the org.apache.catalina.users. package) . I was also able to create the mbeans-descriptor.xml One question that I have is that even though the code compiled and deployed TC, i am not able to see my custom MBean via JConsole . Are there additional things needed to get the MBean registered properly in TC? Thanks in advance. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]